Maven Best Practices

Otherwise it’s possible that you depend on two different jars which both depend on log4j. Which one gets used at compile time depends on a set of rules that you shouldn’t have to remember. They can both (!) get exported as transitive dependencies.

It’s possible that you’re getting a dependency transitively that you directly depend on at compile time. If so, it’s important to add it to your pom with the version you require. This plays nicely with the enforcer plugin.

It’s possible that you’re declaring extra dependencies that you don’t use. This doesn’t work properly 100% of the time, especially with libraries that are designed to have optional pieces (i.e. slf4j-api gets detected properly, but slf4j-log4j12 fails).